on 2007 Jan 18 12:12 PM
Hi everyone,
I'm using a SAP WebDispatcher to provide access to an Enterprise Portal. The problem is, I have to use HTTPS and no HTTP at all. The HTTPS access to the WebDispatcher works fine. When I type the URL https://<mywebdispatcher>/sap/admin everything works as expected.
But when I try to access the portal by typing https://<mywebdispatcher>, I get instantly redirected to a non-HTTPS connection (http://<mywebdispatcher>/irj/portal). The parameter I use is:
icm/HTTP/redirect_0 PREFIX=/, TO=/irj
If I use:
icm/HTTP/redirect_0 PREFIX=/, TO=/irj/portal
the logon screen is still HTTPS but the next then again is not.
I can't dactivate the HTTP service of the WebDispatcher, because I get a "page not found" after the redirection.
I am able to switch between HTTP and HTTPS at any time, once I have logged in.
What else do I have to do or what did I forget?
Thanks in advance,
Michael
Hi all,
to anybody who might be interested: it was the certificate of the J2EE engine which was invalid due to a system copy. We adjusted this certificate and everything worked fine. Thanks to everyone who tried to help.
Regards,
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry for the late reply...
This didn't help either. Maybe I can get it to work the way I want by only allowing https and no http on my portal. Is that possible? If yes, how do I do it?
Regards,
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Michael,
you need to specify the protocol that is to be used by the redirect. The documentation on icm/HTTP/redirect_<xx> states:
<i><b>The parameter has the following syntax:
icm/HTTP/redirect_<xx> = PREFIX=<URL prefix>[, FROM=<pattern for URL>, FROMPROT=<incoming protocol>, FOR=<pattern for host name:port>,TO=<new URL prefix>, PROT=<protocol>, HOST=<host>, PORT=<port number/name>]
<xx> must be specified in ascending order from 0.</b></i>
Try
icm/HTTP/redirect_0 PREFIX=/, TO=/irj, PROT=https
you can also use
icm/HTTP/redirect_0 PREFIX=/, TO=/irj, FROMPROT=http, PROT=https
to ensure that yll requests using HTTP will be redirected to HTTPS.
Best Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No success again, with wdisp/ssl_encrypt = 2 I still get the "certificate expired" error as stated in the tracefile above. I also think this is the wrong value anyway. If I understand correctly wdisp/ssl_encrypt = 2 would get me an encrypted connection between the webdispatcher and the portal server. What I need is an encrypted connection between the client (browser) and the webdispatcher. But when I enter the URL with HTTPS I get redirected to HTTP immediately.
Hope this made it clearer.
[edit]
Oh I forgot to mention I get a lot of
[Thr 6940] *** WARNING => redispatching of failed stateful request [http_route.c 3021]
in my tracefile. Could that also be a reason?
[/edit]
Regards,
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the reply. I already read through this page, but didn't find anything that helps. The only thing I tried is to change the parameter wdisp/ssl_encrypt to 1 (was 0). Result: http still works fine, https doesn't work at all. In the tracefile I can see that the certificate for the ssl connection between WebDispatcher and WebAS in not valid anymore:
Tracefile:
[Thr 2212] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 2212] SSL socket: local=<WebDisp IP>:3509 peer=<WebAS IP>:58801
[Thr 2212] <<- ERROR: SapSSLSessionStart(sssl_hdl=00BF9F08)==SSSLERR_SSL_CONNECT
[Thr 2212] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxpool.c 2077]
[Thr 2212] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 2212] session uses PSE file "<SECUDIR>\SAPSSLS.pse"
[Thr 2212] SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 2212] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2212] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (101/0x0065) Certificate expired (notbefore=031002072500Z, notafter=051002072500Z, now=070119143315Z)
ERROR in af_check_validity_of_Certificate: (101/0x0065) Certificate expired (notbefore=031002072500Z, notafter=051002072500Z, now=070119143315Z)
[Thr 2212] << -
End of Secude-SSL Errorstack -
The certificate file SAPSSLS.pse is the same as for the https connection to the WebDispatcher and expires 2008. Where do the "notbefore" and "notafter" values come from?
Any suggestions?
Regards,
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Please check the following link:
http://help.sap.com/saphelp_nw2004s/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
Regards,
Siddhesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
68 | |
10 | |
10 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.